Multiple CNAMES

Guest

Hi All,

My company recently upgraded our DNS servers from BIND to Windows 2003.
The upgrade went flawlessly, however since doing so we are having trouble
resolving certain names at other sites. Specifically, addresses created
using multiple cnames do not resolve at all - instead they failed with a
'server failed' message. A publicly accessible name that fails to resolve
is hats.princeton.edu.

Just for clarification, here is an example of what I mean by multiple CNAMES:

host.domain.com CNAME host1.domain.com
host.domain.com CNAME host2.domain.com
host1.domain.com A 1.2.3.4
host2.domain.com A 1.2.3.5

I know multiple cnames are against RFCs and only really supported in older
versions of BIND. However, is there anything I can do on my DNS servers to
enable resolution of the names?

I was able to add forwarders for hats.princeton.edu and the other 'broken'
names using multiple CNAMES to forward the requests to the name servers
responsible for that domain (I looked up the NS records). However, this
seems like a big hack and I'd like to find a better solution.

Thanks,
-Dan
 
Kevin D. Goodknecht Sr. [MVP]

Dan said:
Hi All,

My company recently upgraded our DNS servers from BIND to
Windows 2003.
The upgrade went flawlessly, however since doing so we
are having trouble resolving certain names at other sites.
Specifically, addresses created using multiple cnames do
not resolve at all - instead they failed with a 'server
failed' message. A publicly accessible name that fails
to resolve is hats.princeton.edu.

Just for clarification, here is an example of what I mean
by multiple CNAMES:

host.domain.com CNAME host1.domain.com
host.domain.com CNAME host2.domain.com
host1.domain.com A 1.2.3.4
host2.domain.com A 1.2.3.5

I know multiple cnames are against RFCs and only really
supported in older versions of BIND. However, is there
anything I can do on my DNS servers to enable resolution
of the names?

That is the reason why multiple CNAMES with the same name aren't supported,
RFC1912 2.4 plainly states: "A CNAME record is not allowed to coexist with
any other data". This is especially bad since you're pointing the two CNAMES
to different hosts.
http://www.faqs.org/rfcs/rfc1912.html
 
Jonathan de Boyne Pollard

D> host.domain.com CNAME host1.domain.com
D> host.domain.com CNAME host2.domain.com

These data are incorrect. Microsoft's DNS server is within its rights
to treat this as an error and fail query resolution. The only other
reasonable strategy for a resolving proxy DNS server in the face of such
data is to use just one of the resource records in the set, leading to
unspecified results.

D> I know multiple cnames are against RFC's and only really supported in
D> older versions of BIND. However, is there anything I can do on my
D> DNS servers to enable resolution of the names?

Cure the disease, not the symptoms. Have the erroneous data corrected.

D> I was able to add forwarders for hats.princeton.edu and the other
D> 'broken' names using multiple CNAMES

"hats.princeton.edu." does not have multiple "CNAME" resource records
when I look it up. It has exactly one. The TTL of the "CNAME" resource
record is zero, a rather foolish (and needless) thing for the
administrator to do, but there is only the one such record.
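
As an added example (not code from any poster in this thread): a small Python check for the condition discussed above, run over records in the simplified "owner TYPE rdata" form used in the original post. It goes slightly beyond the thread's case by also flagging a CNAME that shares its owner name with other record types, per the RFC 1912 section 2.4 sentence quoted above; the sample zone, the function names and the RRSIG/NSEC exemption are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample in the simplified "owner TYPE rdata" form used in the thread.
SAMPLE_ZONE = """\
host.domain.com   CNAME host1.domain.com
host.domain.com   CNAME host2.domain.com
host1.domain.com  A     1.2.3.4
host2.domain.com  A     1.2.3.5
www.domain.com    CNAME host1.domain.com
www.domain.com    MX    10 mail.domain.com
Alias.Domain.Com. CNAME host2.domain.com
"""

# Assumption of this example: DNSSEC metadata may sit beside a CNAME.
DNSSEC_OK = {"RRSIG", "NSEC"}

def normalize(name):
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return name.rstrip(".").lower()

def find_cname_conflicts(zone_text):
    """Return {owner: reason} for owner names whose CNAME usage is invalid."""
    records = defaultdict(list)  # owner -> [(type, rdata), ...]
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # blank or incomplete line
        owner, rtype, rdata = parts
        records[normalize(owner)].append((rtype.upper(), rdata.strip()))

    conflicts = {}
    for owner, rrs in records.items():
        targets = {normalize(rdata) for rtype, rdata in rrs if rtype == "CNAME"}
        others = sorted({rtype for rtype, _ in rrs
                         if rtype != "CNAME" and rtype not in DNSSEC_OK})
        if len(targets) > 1:
            conflicts[owner] = "multiple CNAME targets: " + ", ".join(sorted(targets))
        elif targets and others:
            conflicts[owner] = "CNAME coexists with: " + ", ".join(others)
    return conflicts

if __name__ == "__main__":
    for owner, reason in sorted(find_cname_conflicts(SAMPLE_ZONE).items()):
        print(f"{owner}: {reason}")
```

Real zone files also carry TTL and class fields and $ORIGIN directives, which this three-column parser does not handle.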
 
